🌀What do we need to know about secure SDLC?

From scratch to prod, what should we care about from a Security perspective to secure our Software Development Life Cycle - SSDLC

The following is an abstract of all the main topics & tools mentioned at the meetup made the 9/5/2024.

meetup slides

Requirements gathering and analysis

• OWASP ASVS

• OWASP SAMM

• OWASP Top 10

• COBIT

• NIST SP 800-53

• LOPDGDD

System Design

• Draw.io Threat Modeling - Recommended

• Miro - General purpose diagramming

• OWASP Threat Modeling Cheat Sheet

• OWASP Threat Dragon

Coding

For tools mentioned at the talk I think most of them can be or either integrated with an IDE plugin or with pre-commit.

• Semgrep - Recommended

... to be continued